formbook

General

Target

JaffaCakes118_a0c56715718ab1aafb443d81eb18c70457a831c7c70b84e7a0e1a78ddd262ad4
Size

920KB
Sample

241222-eswcpasrcz
MD5

f1b70abf2b8025847303983b24954d30
SHA1

a91fbfe3e39a6c4575d19a05ebcc498b32a8ac79
SHA256

a0c56715718ab1aafb443d81eb18c70457a831c7c70b84e7a0e1a78ddd262ad4
SHA512

f47ef1c303e9137b0682f0bb8491ec08ac9803f62f53b4ccc9e3f7a77ede9cd285bda04d1831138f61cfb70905c7a87d3a2ae31944596c42643029ba6aab6d82
SSDEEP

24576:nauS3gd0WSaqiwvP/LD5c8+K4q0dTgM/8RJrRAqo/E+2AN:nBWtVPjm8+K4qmx/8rrRAqo/EAN

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

vfha

Decoy

study-pods.com

shopoctobersfire.com

pandeo.net

museumofhelloandgoodbye.com

jmj-painting-co.com

arquibitacora.com

trapcommander.com

mudujiaju.com

pizzeriavaleria.com

christineandshivam.com

serviziidrauliciitinfo.com

slardayest.com

focusdekalb.com

alzaki-ict.com

talentx.digital

posm.world

glamourmenatural.com

jnfsh.com

williammayfuneralhome.com

knapptrickgoldens.com

Targets

- Target
  
  quotes.exe
- Size
  
  1.5MB
- MD5
  
  449b354bae4e91fa221fead4b28e9e2e
- SHA1
  
  13836da21d00a852875a9898a2a1d2de850853ac
- SHA256
  
  fdaff4a767e56df286e64cf76255f0a2a75d9be940dd9d2433a44ed5ad027140
- SHA512
  
  513c49ab477922ce9a4545a6436606c0c2367faf7c6200a278fc43fe50c0f20037ea344058b4b9a8f98b4308ec326e3d73f7f2283fbdd777a3200fa98a16cebc
- SSDEEP
  
  12288:2bZzaj/SGUD2vjdnLc6paNrK8XjDvbQIrtH0F4KmsuyaxsxThkGCwKHiC/2PC375:w2vSk80SH9ibaWxFk3lCClkYcKU6GH
Score

10^/10

formbook vfha discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2